QoS with Netfilter

Joshua Snyder <josh@imagestream.com>
Thu, 26 Jul 2001 11:15:20 -0500 (EST)


Ok, I am sure I can help you... 

On Tue, 24 Jul 2001, Jose Celestino wrote:

> My previous mail passed unnoticed so I'm resending it (I know, I know,
> if it went unanswered is probably because noone knew, but possibly
> someone not as clueless as I will notice it this time and help me shed
> some light. Sorry anyway).
> 
> Howdy,
> 
> I'm facing the following problem.
> 
> Our current routing/nat architecture is:

<snip> 

> What I'm doing is marking the packets:
> 
> iptables -t mangle -A PREROUTING -j MARK --set-mark 2147581953 -m state --state RELATED,NEW,ESTABLISHED,INVALID
> 
> tc qdisc replace dev eth2 root cbq bandwidth 100Mbit avpkt 1000
> tc class add dev eth2 parent 8001:0 cbq bandwidth 100Mbit rate 1000Kbit allot 1514 weight 50Kbit prio 5 maxburst 20 avpkt 1000 bounded isolated
> tc filter replace dev eth2 protocol ip parent 8001: prio 1 handle 0x80018001 fw classid 8001:8001
> tc class replace dev eth2 classid 8001:8001 parent 8001:0 cbq bandwidth 750Kbit rate 1Kbit allot 1514b weight 50Kbit prio 5 maxburst 20 avpkt 1000b bounded isolated

I wouldn't use iptables to mark the packets.  I would use something like
this... if eth0 is the ethernet segment behind the B connection that is
connected to your router, and eth1 is the interface on the B connection...
And if lan1 is 192.168.0.0/24 and lan2 is 10.0.0.0/8...

Below you will see two sets of tc commands; the reason for this is tc can
only work with outbound traffic.  But this is not a problem because you
can control how fast your two LANs see traffic incoming, so they will only
ack as fast as they get the data.  

This will take care of traffic going to your LANs...

tc qdisc add dev eth0 root handle 10: cbq bandwidth 100Mbit avpkt 1000
tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 100Mbit rate 100Mbit allot 1514 weight 10Mbit prio 7 maxburst 20 avpkt 1000
tc class add dev eth0 parent 10:1 classid 10:200 cbq bandwidth 100Mbit rate 100Mbit allot 1514 weight 10Mbit prio 7 maxburst 20 avpkt 1000 bounded

This tbf is what will do the limiting...

tc qdisc add dev eth0 parent 10:200 tbf rate 750000 buffer 5Kb limit 7Kb
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip dst 192.168.0.0/24 flowid 10:200
tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip dst 10.0.0.0/8 flowid 10:200


This will take care of stuff going outbound from your LANs...

tc qdisc add dev eth1 root handle 10: cbq bandwidth 100Mbit avpkt 1000
tc class add dev eth1 parent 10:0 classid 10:1 cbq bandwidth 100Mbit rate 100Mbit allot 1514 weight 10Mbit prio 7 maxburst 20 avpkt 1000
tc class add dev eth1 parent 10:1 classid 10:200 cbq bandwidth 100Mbit rate 100Mbit allot 1514 weight 10Mbit prio 7 maxburst 20 avpkt 1000 bounded

This tbf is what takes care of the limiting...

tc qdisc add dev eth1 parent 10:200 tbf rate 750000 buffer 5Kb limit 7Kb
tc filter add dev eth1 parent 10:0 protocol ip prio 100 u32 match ip src 192.168.0.0/24 flowid 10:200
tc filter add dev eth1 parent 10:0 protocol ip prio 100 u32 match ip src 10.0.0.0/8 flowid 10:200


> 
> This doesn't seem to work; I tried that same class but with bandwidth
> 1Kbit and I didn't find it to work.
> 

I have never had any luck limiting traffic with cbq classes, it works much
better when you use a tbf.  Let me know if this helps...

				josh

> Am I doing something wrong (most certainly)? By the way, what can I do
> to optimize/improve my masquerade script?
> 
> TIA.
> 
> Best regards
> 
> -- 
> Jose Celestino <japc@co.sapo.pt>
> ---------------------------------
> "In 3010, the potatoes triumphed."
> 
>
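The two command sets above differ only in the interface and in whether the u32 filter matches on destination (traffic towards the LANs) or source (traffic leaving them). The script below is an added example, not Josh's or Jose's own code: it generates that tc hierarchy for one interface and direction from a list of LAN prefixes, and checks the tbf `buffer` against the rate/HZ minimum that tc-tbf(8) documents (tokens are only added once per timer tick, so a bucket smaller than rate/HZ bytes never reaches the configured rate). The function names `gen_shaper` and `tbf_min_buffer_bytes` are assumptions; the rate is in bit/s, tc's unit for a bare number.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from the original post).
# Generates the tc commands only; review them, then pipe into "sudo sh".

# Minimum tbf bucket size in bytes for RATE_BPS bit/s at kernel HZ (default 100),
# per the tc-tbf(8) rule "buffer must be at least rate / HZ".
tbf_min_buffer_bytes() {
    rate_bps=$1; hz=${2:-100}
    echo $(( rate_bps / hz / 8 ))
}

# gen_shaper DEV DIRECTION RATE_BPS PREFIX...
#   to-lan   : shape on the LAN-facing interface, match on ip dst
#   from-lan : shape on the uplink interface, match on ip src
# tc shapes egress only, so each direction lives on a different interface.
gen_shaper() {
    dev=$1; dir=$2; rate=$3; shift 3
    case "$dir" in
        to-lan)   key=dst ;;
        from-lan) key=src ;;
        *) echo "gen_shaper: unknown direction '$dir'" >&2; return 1 ;;
    esac
    buffer_bytes=5120   # "5Kb" in tc size syntax is 5*1024 bytes
    if [ "$buffer_bytes" -lt "$(tbf_min_buffer_bytes "$rate")" ]; then
        echo "gen_shaper: tbf buffer ${buffer_bytes}B below rate/HZ minimum" >&2
        return 1
    fi
    # Drop any existing root qdisc first so the script can be re-run safely.
    echo "tc qdisc del dev $dev root 2>/dev/null"
    echo "tc qdisc add dev $dev root handle 10: cbq bandwidth 100Mbit avpkt 1000"
    echo "tc class add dev $dev parent 10:0 classid 10:1 cbq bandwidth 100Mbit rate 100Mbit allot 1514 weight 10Mbit prio 7 maxburst 20 avpkt 1000"
    echo "tc class add dev $dev parent 10:1 classid 10:200 cbq bandwidth 100Mbit rate 100Mbit allot 1514 weight 10Mbit prio 7 maxburst 20 avpkt 1000 bounded"
    # The tbf leaf under 10:200 is what actually enforces the limit.
    echo "tc qdisc add dev $dev parent 10:200 tbf rate $rate buffer 5Kb limit 7Kb"
    # One u32 filter per LAN prefix steers matching packets into 10:200.
    for p in "$@"; do
        echo "tc filter add dev $dev parent 10:0 protocol ip prio 100 u32 match ip $key $p flowid 10:200"
    done
}

# Usage with the interfaces and prefixes from the post (750 kbit/s each way).
gen_shaper eth0 to-lan   750000 192.168.0.0/24 10.0.0.0/8
gen_shaper eth1 from-lan 750000 192.168.0.0/24 10.0.0.0/8
```

Because tc parses but cannot dry-run a qdisc tree, verify the applied result with `tc -s qdisc show dev eth0` and `tc filter show dev eth0` and watch the tbf "dropped" counter under load.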